Inotify Example: Introduction to Inotify with a C Program Example

inotify utility is an effective tool to monitor and notify filesystem changes. You can specify a list of files and directories that needs to be monitored by inotify. This library is used by various other programs. For example, CPAN module Linux::Inotify is developed based on this library.

iNotify Execution Flow

On a high-level, you do the following with inotify utility.

Create inotify monitoring list. Add the desired directories/files to the inotify monitoring list. Monitoring list can be changed as and when needed

Request Inotify to report specific event changes to the monitoring list of files and directories. For example, request inotify to report ON ACCESS, ON OPEN, ON WRITING, ON CLOSE,etc.,

Following are the inotify functions and their corresponding roles.

Create the inotify instance by inotify_init().

Add all the directories to be monitored to the inotify list using inotify_add_watch() function.

To determine the events occurred, do the read() on the inotify instance. This read will get blocked till the change event occurs. It is recommended to perform selective read on this inotify instance using select() call.

Read returns list of events occurred on the monitored directories. Based on the return value of read(), we will know exactly what kind of changes occurred.

In case of removing the watch on directories / files, call inotify_rm_watch().

Be careful when using this module with NFS filesystem. It might not determine the events changes to the monitoring list that contains files/directories from the NFS filesystem.

Recommended modules / libraries for iNotify

Make sure libc6 2.3.6 module is installed on your system. If you have a previous version of libc module installed, you will get the following error message while compiling the inotify monitoring c program.

Sascha – I know this isn’t a “fast” response, but… The 1024 is “make a buffer that can hold 1024 events”. The 16 is, as far as I can tell, a typo. The size of an inotify event is the size of the struct, plus the length of the filename (that would be the full path), plus a null character. So, this example is seemingly assuming that filenames average 15 characters. To err on the other side of caution, you could assume that every event has the maximum filename length, defined by the “NAME_MAX” constant. That’s defined in limits.h, and is 255 on my Linux systems. In any event, the buffer length there is expressing the number of events to be stored times the rough size of each event. Using “EVENT_SIZE + NAME_MAX +1” would give you the largest possible event size, but you could save some memory by properly analyzing your data beforehand, either programmatically before dynamically allocating the buffer or by some other more static means.

About The Geek Stuff

My name is Ramesh Natarajan. I will be posting instruction guides, how-to, troubleshooting tips and tricks on Linux, database, hardware, security and web. My focus is to write articles that will either teach you or help you resolve a problem. Read more about Ramesh Natarajan and the blog.

Contact Us

Email Me :
Use this Contact Form to get in touch me with your comments, questions or suggestions about this site. You can also simply drop me a line to say hello!.